Authored by Dexter Shin  Summary  Cybercriminals are constantly evolving their techniques to bypass security measures. Recently, the McAfee Mobile

Introduction The Android Activity lifecycle is a sequence of state changes and callbacks that every Android Activity goes through from creation to destruction.Understanding the Android Activity lifecycle is important not only for developers aiming to build…

EXECUTIVE SUMMARY In this report, CYFIRMA examines the tactics employed by a Pakistan-based APT group, assessed with medium confidence as...

Sophos X-Ops uncovers a recent campaign from an Android RAT first seen in 2019 – now infecting users in Taiwan

In a previous blog post, I introduced Feberis, a versatile expansion board that enhanced the capabilities of the Flipper Zero by offering additional communication protocols. Now, I am excited to dive into the newly released Feberis Pro, a next-generation…

ThreatFabric analysts discovered a new Device-Takeover Android banking Trojan equipped with remote access, black screen overlays, and advanced credential theft capabilities.

Beware of TsarBot! This Android banking Trojan spreads via phishing, steals credentials, and hijacks devices. Stay safe with our latest insights.

Author: HyeongJun Kim | S2W TALON

Discover detailed analysis of Salvador Stealer, a new Android malware targeting users of mobile banking apps.

In our high-tech world, sneaky cyber threats can pop up anywhere. Lately, we’ve spotted sneaky malware on Android...

The NCSC and partners publish new information and mitigation measures for those at high risk from two spyware variants.

This advisory provides new and collated threat intelligence on two variants of spyware known as BADBAZAAR and MOONSHINE, and includes advice for app store operators, developers and social media companies to help keep their users safe.

CTM360’s Play Masquerading Party (PMP) report exposes an evolution of the PlayPraetor scam, highlighting fake Play Store pages, phishing apps, and RAT variants targeting global users

SMS Pumping fraud is a deceptive scheme where fraudsters manipulate SMS verification systems to inflate non-organic traffic and generate revenue at businesses’ expense. Discover how it works and ways to mitigate it.

In this article, I will share a tip for those interested in performing a more detailed analysis of the behavior of native methods, with a…

Deceptive websites hosted on newly registered domains are being used to deliver AndroidOS SpyNote malware. These sites mimic the Google Chrome install page on the Google Play Store.

This article marks the first in a series aimed at sharing my adventures, personal notes, and insights into the Android kernel. My focus…

Full noscript: Rethinking Emulation for Fu(zzi)n(g) and Profit: Near-Native Rehosting for Embedded ARM Firmware
Slides: https://github.com/binarly-io/Research_Publications/blob/main/REverse_2025/Near-Native%20Rehosting%20for%20Embedded%20ARM%20Firmware.pdf
…

Every year, cryptocurrencies become more and more common as a payment method. According to the data for 2023, in developed countries about 20% of the population has at some time used such a means of payment, and in developing countries, where the banking…